Call for testing: OpenSSH-5.9

Darren Tucker dtucker at zip.com.au
Fri Sep 2 23:22:20 EST 2011 

On Fri, Sep 02, 2011 at 10:33:58PM +1000, Darren Tucker wrote:
> On Mon, Aug 29, 2011 at 6:31 PM, Darren Tucker <dtucker at zip.com.au> wrote:
> > On Mon, Aug 29, 2011 at 2:48 PM, Darren Tucker <dtucker at zip.com.au> wrote:
> > [...]
> >> confirmed: it's poll.
> >
> > Actually now I'm not sure about that.  Or rather I still think it's
> > poll, but maybe not in the place I originally thought.
> 
> OK, I think I have it figured out.  Here's my theory:
> 
> 1. it's poll()
> 2. some platforms (eg Solaris) implement select() on top of poll().
> Those are the ones where the test fails.
> 3. platforms that implement select() natively (eg Linux) are the ones that work.
> 4. the problem is not in atomicio, because poll is only used to
> prevent busy-waiting on EAGAIN.  if poll() fails it'll busy-wait on
> EAGAIN but otherwise work.  rather, the failure is in the main select
> loop.

Here's a configure test for this.  Tested on Linux and Solaris.

Index: configure.ac
===================================================================
RCS file: /home/dtucker/openssh/cvs/openssh/configure.ac,v
retrieving revision 1.480
diff -u -p -r1.480 configure.ac
--- configure.ac	18 Aug 2011 04:48:24 -0000	1.480
+++ configure.ac	2 Sep 2011 13:09:06 -0000
@@ -2505,6 +2505,51 @@ elif test "x$sandbox_arg" = "xrlimit" ||
 		AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
 	SANDBOX_STYLE="rlimit"
 	AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
+
+	AC_MSG_CHECKING([if select works with zero available fds])
+	AC_RUN_IFELSE(
+		[AC_LANG_PROGRAM([[
+#include <sys/time.h>
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#include <sys/resource.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+		]], [[
+	struct rlimit rl_zero;
+	int fd, r;
+	fd_set fds;
+
+	fd = open("/dev/null", O_RDWR);
+	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+	setrlimit(RLIMIT_FSIZE, &rl_zero);
+	setrlimit(RLIMIT_NOFILE, &rl_zero);
+	FD_ZERO(&fds);
+	FD_SET(fd, &fds);
+	r = select(fd+1, &fds, NULL, NULL, NULL);
+	if (r == -1)
+		exit(1);
+	exit(0);
+		]])], [
+			AC_MSG_RESULT(yes)
+			AC_DEFINE([SELECT_REQUIRED_FDS], [0],
+			    [number of available fds required for select])
+		], [
+			AC_MSG_RESULT(no)
+			AC_DEFINE([SELECT_REQUIRED_FDS], [1],
+			    [number of available fds required for select])
+		], [
+			AC_MSG_RESULT([cross-compiling, assuming yes])
+			AC_DEFINE([SELECT_REQUIRED_FDS], [0],
+			    [assuming select works with zero free fds])
+		]
+	)
 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
      test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
 	SANDBOX_STYLE="none"
Index: sandbox-rlimit.c
===================================================================
RCS file: /home/dtucker/openssh/cvs/openssh/sandbox-rlimit.c,v
retrieving revision 1.2
diff -u -p -r1.2 sandbox-rlimit.c
--- sandbox-rlimit.c	23 Jun 2011 09:45:51 -0000	1.2
+++ sandbox-rlimit.c	2 Sep 2011 13:20:15 -0000
@@ -60,18 +60,20 @@ ssh_sandbox_init(void)
 void
 ssh_sandbox_child(struct ssh_sandbox *box)
 {
-	struct rlimit rl_zero;
+	struct rlimit rl;
 
-	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+	rl.rlim_cur = rl.rlim_max = SELECT_REQUIRED_FDS;
+	if (setrlimit(RLIMIT_NOFILE, &rl) == -1)
+		fatal("%s: setrlimit(RLIMIT_NOFILE, { %d, %d }): %s",
+			__func__, (int)rl.rlim_cur, (int)rl.rlim_max, strerror(errno));
 
-	if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
+	rl.rlim_cur = rl.rlim_max = 0;
+	if (setrlimit(RLIMIT_FSIZE, &rl) == -1)
 		fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
 			__func__, strerror(errno));
-	if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
-		fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
-			__func__, strerror(errno));
+
 #ifdef HAVE_RLIMIT_NPROC
-	if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
+	if (setrlimit(RLIMIT_NPROC, &rl) == -1)
 		fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
 			__func__, strerror(errno));
 #endif

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list